CVE-2023-3168

Summary

CVE-2023-3168 is a vulnerability in the WP Reroute Email plugin for WordPress, affecting versions up to and including 1.4.9. The vulnerability arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts into pages. This means that whenever a user accesses an injected page, the injected scripts will execute. The vulnerability has a CVSS score of 6.1, indicating a medium severity level. It has been categorized as CWE-79, which refers to improper neutralization of input during web page generation (cross-site scripting). There are 63 recorded instances of this vulnerability, and it affects multiple products within the affected_products list. To remediate this vulnerability, users should update their WP Reroute Email plugin to a version that includes the necessary security patches. The potential danger posed to organizations is significant as it enables attackers to execute malicious scripts, potentially leading to the compromise of sensitive information or unauthorized access within affected WordPress websites utilizing the vulnerable plugin version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.